github - ghsa-4r2w-j4p7-rw4p

GHSA-4R2W-J4P7-RW4P

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-10-25 19:00

Details

The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-31349"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-19T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1.",
  "id": "GHSA-4r2w-j4p7-rw4p",
  "modified": "2022-10-25T19:00:33Z",
  "published": "2022-05-24T19:17:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31349"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA11256"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2021-31349 (GCVE-0-2021-31349)

Vulnerability from cvelistv5 – Published: 2021-10-19 18:16 – Updated: 2024-09-16 23:10

Title

Session Smart Router: Authentication Bypass Vulnerability

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication

Assigner

juniper

References

URL

Tags

https://kb.juniper.net/JSA11256

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Juniper Networks	128 Technology Session Smart Router	Affected: unspecified , < 4.5.11 (custom) Affected: 5.0 , ≤ 5.0.1 (custom)

Credits

128 Technology was notified via the JVN community of the vulnerability as JVN#85073657.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:55:53.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11256"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "128 Technology Session Smart Router",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "4.5.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.0.1",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "128 Technology was notified via the JVN community of the vulnerability as JVN#85073657."
        }
      ],
      "datePublic": "2021-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-19T18:16:28",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11256"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "128 Technology has released software updates that address the vulnerability described in this advisory. \n\nFixed Releases:\nThe following 128T software patches have been released to resolve this specific issue: 4.5.11, 5.1.0, and all subsequent releases.\nCustomers who are running 5.0.0 or 5.0.1 should upgrade to 5.1.6 or later.\n\nInstructions for upgrading the 128T Networking Platform can be found at https://docs.128technology.com/docs/intro_upgrading ."
        }
      ],
      "source": {
        "advisory": "JSA11256",
        "defect": [
          "I95-41227"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Session Smart Router: Authentication Bypass Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "While no workarounds exist for this vulnerability, risk exposure can be mitigated. HTTP access to the SSR occurs on TCP port 443. It is recommended to install firewall rules to permit access only from trusted IP addresses."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
          "ID": "CVE-2021-31349",
          "STATE": "PUBLIC",
          "TITLE": "Session Smart Router: Authentication Bypass Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "128 Technology Session Smart Router",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.5.11"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5.0",
                            "version_value": "5.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "128 Technology was notified via the JVN community of the vulnerability as JVN#85073657."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287 Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11256",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11256"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "128 Technology has released software updates that address the vulnerability described in this advisory. \n\nFixed Releases:\nThe following 128T software patches have been released to resolve this specific issue: 4.5.11, 5.1.0, and all subsequent releases.\nCustomers who are running 5.0.0 or 5.0.1 should upgrade to 5.1.6 or later.\n\nInstructions for upgrading the 128T Networking Platform can be found at https://docs.128technology.com/docs/intro_upgrading ."
          }
        ],
        "source": {
          "advisory": "JSA11256",
          "defect": [
            "I95-41227"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "While no workarounds exist for this vulnerability, risk exposure can be mitigated. HTTP access to the SSR occurs on TCP port 443. It is recommended to install firewall rules to permit access only from trusted IP addresses."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-31349",
    "datePublished": "2021-10-19T18:16:28.461957Z",
    "dateReserved": "2021-04-15T00:00:00",
    "dateUpdated": "2024-09-16T23:10:43.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-4R2W-J4P7-RW4P

CVE-2021-31349 (GCVE-0-2021-31349)

Tags

Sightings

Nomenclature